Command prompt on XP bootup

  • Thread starter Thread starter John Callaway
  • Start date Start date
J

John Callaway

The following shows on desktop in the command prompt:
C:\WINDOWS\system32>start /b regsvr32.exe /s /n /i:"" "C:\Documents
and Settings
\All Users\Application Data\2308189059\BIT2A.tmp"

My question is how do I stop fix this? I want a normal startup in
msconfig.
JPC
 
John said:
The following shows on desktop in the command prompt:
C:\WINDOWS\system32>start /b regsvr32.exe /s /n /i:"" "C:\Documents
and Settings
\All Users\Application Data\2308189059\BIT2A.tmp"

My question is how do I stop fix this? I want a normal startup in
msconfig.
JPC

That would depend on what is putting it there.

Ammammata mentions Autoruns (from sysinternals.com)
as a solution, which is fine. But if malware is putting
that entry there, it will only come back after each reboot.

If I saw that on my machine, and Google wasn't digging
up a good legit reason for it, I would be scanning
the PC like crazy, for a source.

You can boot the PC with an offline scanner CD if you
want, and scan for malware that way. The ISO9660 file
is a 375MB download, from here.

http://support.kaspersky.com/8092

The regsvr32 is normally applied to DLLs.

The article here tells me, it effectively makes a DLL
available for loading, to any program. It's like adding
it to a library loading path.

http://en.wikipedia.org/wiki/Regsvr32

The "BIT" in the name, implies the downloading system is
putting that there, but I would not consider it "normal"
for an untyped file to be considered as a DLL. If that
was being done for a legitimate purpose, the filename
should reflect the function, and not remain hidden.

If your AV software has already removed the root cause
of this issue, then Autoruns may indeed be able to remove
the (now-unreferenced) entry. But if the entry keeps
coming back, I would be scanning like crazy, to find
the source of it.

Paul
 
Back
Top